Jerry, thanks for telling me about mysql_real_escape_string
However, at least what I prefer is that the _GET and other user input
variables would be as they were sent to the browser, in the sense that
' wouldn't be escaped to \' . A good example is you trying to write to
a file :x